Put your vault secrets in your process.env
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
test fix error message when an environment variable used by Secretfile is … Aug 31, 2018
.gitignore Initial commit Mar 8, 2016
LICENSE Initial commit Mar 8, 2016
README.md
cli.js v2.0.0 lease rotation, secret path deduplication, gif Mar 9, 2016
gif.gif
local.js add parameter to skip setting environment (#3) Jan 23, 2017
main.js v2.0.0 lease rotation, secret path deduplication, gif Mar 9, 2016
package.json fix error message when an environment variable used by Secretfile is … Aug 31, 2018
parseSecretfile.js fix error message when an environment variable used by Secretfile is … Aug 31, 2018
prepare.js v4.3.0 support for VAULT_SECRETS option when you don't want a file at… Jan 26, 2018
rotate.js v2.0.0 lease rotation, secret path deduplication, gif Mar 9, 2016

README.md

vault-env-js

Put your vault secrets in your process.env

vault-env demo

Install the package

npm install --save vault-env

Write a Secretfile in your app directory

DATABASE_URL secrets/databases/main:url

Require vault-env and the environment variables are loaded

require('vault-env')

console.log(process.env.DATABASE_URL)
// => 'postgres://...'

Provide your app with VAULT_ADDR and VAULT_TOKEN environment variables when you run it.

VAULT_ADDR=https://localhost:8200 VAULT_TOKEN=12345 node ./app.js

Require vault-env/rotate and vault-env will request new leases before your secrets expire, keeping your environment variables up to date forever.

require('vault-env/rotate')

// check the database url
console.log(process.env.DATABASE_URL)
// => 'postgres://username:password@host/db'

// check again in six weeks
setTimeout(function () {
  console.log(process.env.DATABASE_URL)
  // => 'postgres://user:newpassword@host/db'
}, 1000 * 60 * 60 * 24 * 7 * 6)

Watch for secret changes

var vaultEnv = require('vault-env/rotate')

vaultEnv.on('DATABASE_URL', function (newDB, oldDB) {
  console.log('DATABASE_URL has changed to ' + newDB + ' from ' + oldDB)
})

Require vault-env/local and vault-env will not set your environment your variables will only be exported by the module as regular variables

var secret = require('vault-env/local')

console.log(secret.DATABASE_URL)
// => 'postgres://...'